X
Tech

Unauthorized, mislabeled Microsoft support tool leaks; could cause more trouble than it cures

Several mainstream tech sites this week published details of a purported new Microsoft support tool designed to fix problems with the Windows 10 Anniversary Update. After some digging, I can report that it is no such thing. My advice: Stay far away from this "Windows Self Healing Tool."
Written by Ed Bott, Senior Contributing Editor
self-healing-tool.jpg

One support expert called this unofficial tool "frightening"

If you want to be a Windows expert, one of the most important lessons to learn is skepticism. Whenever someone claims to have a magic fix-it tool or a MakeRocketShipGoFast registry tweak, you should keep it away from any system you care about until you can confirm it does what it says it does.

In my experience, those claims rarely turn out to be true.

That guideline applies double when the bag of magic beans comes from a user in a support forum, or even from a first-tier support rep.

This week's case in point is instructive. According to a post on the Microsoft Answers forum for owners of Surface devices, Microsoft is testing a "Windows Self Healing Tool" specifically designed to fix problems with the Anniversary Update.

After downloading the tool in question, I became suspicious and started asking some questions.

One of the first red flags for me was the information embedded in the file itself. It has a copyright date of 2015 and the copyright holder is Microsoft Mobile Oy.

oy-microsoft-support-tool.jpg

The copyright notice gives this tool's Nokia origins away.

That's the former Nokia division, which has been almost completely dismantled at this point.

Update: Here's a little more evidence that this tool originated in the former Nokia group. The Azure Blob Storage account is the same one used by the old Nokia Software Recovery Tool, designed for reinstalling the Windows Phone software on a Lumia device. See this snippet from a Microsoft forum thread.

nokia-software-recovery-tool.jpg

The portion of the address highlighted in yellow is a Microsoft Azure Blob Storage account.

There's a similar address for that tool's replacement, the Windows Device Recovery Tool.

This is the address that the Microsoft shortened link for the so-called "Windows Self Healing Tool" resolves to:

self-healing-tool-download-details.jpg

Note the Azure account for the supposedly new "self healing tool."

All the links I found to this location were related to Windows Phone-related tools.

After a little more digging, I can report that this tool is indeed being distributed from Microsoft's servers. It is digitally signed by Microsoft's code-signing certificate and is hosted on an Azure server. But it has nothing to do with the Anniversary Update and was apparently built by a single tech working in the Surface support group. It does not have the blessing of the Windows Support group.

In fact, there are two different versions floating around, each with its own Microsoft short link (which any employee can generate). The version with the higher release number displays this message after the script runs:

"You'll need to restart your Surface to finish repairs."

That's even more evidence that this tool is intended for Surface repair techs and not for mainstream Windows support.

The app as it now exists simply runs a slew of PowerShell commands to automate a set of tasks for resetting a Windows 10 device. The fancy GUI that wraps those PowerShell commands appears to have been borrowed from a much older Nokia-authored tool. (In fact, it very closely resembles the old Nokia Software Recovery Tool, which was used to reset Windows Phone devices.)

The trouble is, this tool was built for internal use by support techs trying to resolve update issues on Surface devices. It was never authorized for general release, and it does far too much to be unleashed on an unsuspecting public with no documentation.

One engineer who looked closely at what this utility was doing called it "a sledgehammer." Another support rep who also examined how it works was reportedly "frightened by some of the things this is doing."

By themselves, the PowerShell commands are safe, but the combination can have some unintended side-effects. For example, it deletes any custom power schemes and reinstalls Windows 10's Universal Windows Platform apps, deleting their saved settings. One command also makes it impossible to uninstall any previously installed updates, which is why this sort of brute force reset should be a final step in troubleshooting.

If you're tempted to download and run this thing, my advice is to steer clear.

If you've already run it, good luck. You probably haven't damaged anything, but without documentation, who really knows?

Editorial standards